MySQL 8.3.0
Source Code Documentation
sql_rewrite.h
1/* Copyright (c) 2011, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef SQL_REWRITE_INCLUDED
24#define SQL_REWRITE_INCLUDED
25
26#include <set>
27#include "my_sqlcommand.h"
28#include "sql/table.h"
29
30/* Forward declarations */
31class THD;
32class LEX_GRANT_AS;
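/**
  Target types where the rewritten query will be added. Query rewrite might
  vary based on this type.

  NOTE(review): each enumerator names a sink with a different audience, so the
  text produced for one consumer must not be assumed safe for another. The
  per-consumer masking rules are implemented in sql_rewrite.cc and cannot be
  confirmed from this header.
*/
enum class Consumer_type {
  TEXTLOG, /* General log, slow query log and audit log */
  BINLOG,  /* Binary logs */
  STDOUT   /* Standard output */
};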
42
43/**
44 An interface to wrap the parameters required by specific Rewriter.
45 Parameters required by specific Rewriter must be added in the concrete
46 implementation.
47 Clients need to wrap the parameters in specific concrete object.
48 The Rewrite_params objects are not expected to change and are passed around as
49 const objects.
50*/
52 protected:
53 virtual ~Rewrite_params() = default;
54};
55
56/**
57 Wrapper object for user related parameters required by:
58 SET PASSWORD|CREATE USER|ALTER USER statements.
59*/
61 public:
62 User_params(std::set<LEX_USER *> *users_set)
63 : Rewrite_params(), users(users_set) {}
64 std::set<LEX_USER *> *users;
65};
66
67/**
68 Wrapper object for parameters required by SHOW CREATE USER statement.
69*/
71 public:
72 Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex,
73 String *param_metadata_str)
76 print_identified_with_as_hex_(print_identified_with_as_hex),
77 metadata_str(param_metadata_str) {}
81};
82
83/**
84 Wrapper object for parameters required for GRANT statement.
85*/
87 public:
88 Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
90 grant_as_provided(grant_as_specified),
91 grant_as_info(grant_as) {}
94};
95
96/**
97 Provides the default interface to rewrite the SQL statements to
98 obfuscate passwords.
99 It either sets the thd->rewritten_query with a rewritten query,
100 or clears it if no rewriting took place.
101*/
103 const Rewrite_params *params = nullptr);
104/**
105 Provides the default interface to rewrite the ACL query.
106 If do_ps_instrument, it sets the thd->rewritten_query with
107 a rewritten query.
108*/
110 const Rewrite_params *params = nullptr,
111 bool do_ps_instrument = true);
112
113/**
114 An abstract base class to enable the implementation of various query
115 rewriters. It accepts a THD pointer and the intended target type where the
116 query will be written. It either sets the thd->rewritten_query with a
117 rewritten query, or clears it if no rewriting took place. Concrete classes
118 must implement the rewrite() method to rewrite the query. Although concrete
119 classes may accept additional parameters, it is recommended not to create
120 their objects directly.
121*/
123 public:
124 /* Constructors and destructors */
126 virtual ~I_rewriter();
127 /* Prohibit the copy of the object */
128 I_rewriter(const I_rewriter &) = delete;
129 const I_rewriter &operator=(const I_rewriter &) = delete;
130 I_rewriter(const I_rewriter &&) = delete;
131 const I_rewriter &operator=(const I_rewriter &&) = delete;
132 /* Reset the previous consumer type before rewriting the query */
134 /* Return the current consumer type */
136 /* Concrete classes must implement the logic to rewrite query here */
137 virtual bool rewrite(String &rlb) const = 0;
138
139 protected:
140 THD *const m_thd;
142};
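/**
  Abstract base class to define the skeleton of rewriting the users, yet
  deferring some steps to the concrete classes. The implementation in specific
  steps might vary according to SQL or the consumer type.
*/
class Rewriter_user : public I_rewriter {
 protected:
  Rewriter_user(THD *thd, Consumer_type target_type);
  /*
    Provides the skeleton to rewrite the users. The actual user is rewritten
    through the concrete implementation of private methods.
  */
  void rewrite_users(LEX *lex, String *str) const;
  /* Append the literal value <secret> to the str */
  void append_literal_secret(String *str) const;
  /*
    Append the password hash to the output string.
    NOTE(review): this is the alternative to append_literal_secret(); it puts
    the authentication string itself into the rewritten text. Which of the two
    a given consumer receives is decided in sql_rewrite.cc and in the
    overrides, not in this header - confirm the TEXTLOG path before relying on
    logs being free of hashes.
  */
  virtual void append_auth_str(LEX_USER *lex, String *str) const;
  /* Append the authentication plugin name for the user */
  void append_plugin_name(const LEX_USER *user, String *str) const;
  /* Append authentication plugin name from LEX_MFA for the user */
  void append_mfa_plugin_name(const LEX_MFA *user, String *str) const;
  /* Append the authentication string from LEX_MFA for the user */
  void append_mfa_auth_str(const LEX_MFA *user, String *str) const;

  /*
    Rewrites some of the user specific properties which are common to
    concrete classes.
  */
  bool rewrite(String &rlb) const override;
  /*
    Abstract method to be implemented by the concrete classes.
    The implementation methods should add the user authID, plugin info and
    auth str
  */
  virtual void append_user_auth_info(LEX_USER *user, bool comma,
                                     String *str) const = 0;
  /* Append the PASSWORD HISTORY clause for users */
  virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
  /* Append the PASSWORD REUSE OPTIONS clause for users */
  virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  virtual void rewrite_user_application_user_metadata(const LEX *lex,
                                                      String *str) const = 0;
  /* Use LEX to reconstruct the ATTRIBUTE or COMMENT clauses */
  void rewrite_in_memory_user_application_user_metadata(const LEX *user,
                                                        String *str) const;

 private:
  /* Append the SSL OPTIONS clause for users */
  void rewrite_ssl_properties(const LEX *lex, String *str) const;
  /* Append the RESOURCES OPTIONS clause for users */
  void rewrite_user_resources(const LEX *lex, String *str) const;
  /* Append the ACCOUNT LOCK OPTIONS clause for users */
  void rewrite_account_lock(const LEX *lex, String *str) const;
  /* Append the PASSWORD EXPIRED OPTIONS clause for users */
  void rewrite_password_expired(const LEX *lex, String *str) const;
  /* Append the PASSWORD REQUIRE CURRENT clause for users */
  void rewrite_password_require_current(LEX *lex, String *str) const;
  /* Append FAILED_LOGIN_ATTEMPTS/PASSWORD_LOCK_TIME */
  void rewrite_account_lock_state(LEX *lex, String *str) const;
  /* Append the DEFAULT ROLE OPTIONS clause */
  void rewrite_default_roles(const LEX *lex, String *str) const;
};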
206/** Rewrites the CREATE USER statement. */
209
210 public:
212 bool rewrite(String &rlb) const override;
214 String *str) const override;
215
216 private:
217 void append_user_auth_info(LEX_USER *user, bool comma,
218 String *str) const override;
219 void rewrite_password_history(const LEX *lex, String *str) const override;
220 void rewrite_password_reuse(const LEX *lex, String *str) const override;
221};
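/** Rewrites the ALTER USER statement. */
class Rewriter_alter_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  /* The consumer defaults to the text logs when the caller names none */
  Rewriter_alter_user(THD *thd, Consumer_type type = Consumer_type::TEXTLOG);
  /* Rewrite the query for the ALTER USER statement */
  bool rewrite(String &rlb) const override;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 private:
  /* Append the authID, plugin and auth str of the user to the output string */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* Append the PASSWORD HISTORY clause for users iff it is specified */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  /* Append the PASSWORD REUSE clause for users iff it is specified */
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
};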
238/** Rewrites the SHOW CREATE USER statement. */
241
242 public:
244 const Rewrite_params *params);
245 bool rewrite(String &rlb) const override;
247 String *str) const override;
248
249 protected:
250 /* Append the password hash to the output string */
251 void append_auth_str(LEX_USER *lex, String *str) const override;
252
253 private:
254 void append_user_auth_info(LEX_USER *user, bool comma,
255 String *str) const override;
256 void rewrite_password_history(const LEX *lex, String *str) const override;
257 void rewrite_password_reuse(const LEX *lex, String *str) const override;
259};
260
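/** Rewrites the SET statement. */
class Rewriter_set : public I_rewriter {
 public:
  Rewriter_set(THD *thd, Consumer_type type);
  /* Rewrite the query for the SET statement */
  bool rewrite(String &rlb) const override;
};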
267/*
268 Rewrites the SET PASSWORD statement
269*/
272
273 public:
275 const Rewrite_params *params);
276 bool rewrite(String &rlb) const override;
277
278 private:
279 /* Name of the user whose password has to be changed */
280 std::set<LEX_USER *> *m_users = nullptr;
281};
282
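/** Rewrites the GRANT statement. */
class Rewriter_grant final : public I_rewriter {
 public:
  /*
    params is declared as the generic Rewrite_params; the member below is a
    Grant_params pointer, so the conversion happens in the constructor body
    (sql_rewrite.cc), which is not visible in this header.
  */
  Rewriter_grant(THD *thd, Consumer_type type, const Rewrite_params *params);
  /* Rewrite the query for the GRANT statement */
  bool rewrite(String &rlb) const override;

 private:
  /*
    GRANT AS information.
    NOTE(review): initialised to nullptr here; whether rewrite() checks for
    null before dereferencing must be confirmed in sql_rewrite.cc.
  */
  const Grant_params *grant_params = nullptr;
};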
293
294/** Rewrites the CHANGE REPLICATION SOURCE statement. */
296 public:
298 bool rewrite(String &rlb) const override;
299};
300
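/** Rewrites the START REPLICA statement. */
class Rewriter_replica_start final : public I_rewriter {
 public:
  Rewriter_replica_start(THD *thd, Consumer_type type);
  /* Rewrite the query for the START REPLICA statement */
  bool rewrite(String &rlb) const override;
};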
307/** Base class for SERVER OPTIONS related statement */
309 public:
311
312 protected:
313 // Append the SERVER OPTIONS clause
314 void mysql_rewrite_server_options(const LEX *lex, String *str) const;
315};
316/** Rewrites the CREATE SERVER statement. */
319
320 public:
322 bool rewrite(String &rlb) const override;
323};
324/** Rewrites the ALTER SERVER statement. */
327
328 public:
330 bool rewrite(String &rlb) const override;
331};
332
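/** Rewrites the PREPARE statement.*/
class Rewriter_prepare final : public I_rewriter {
 public:
  Rewriter_prepare(THD *thd, Consumer_type type);
  /* Rewrite the query for the PREPARE statement */
  bool rewrite(String &rlb) const override;
};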
339
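/** Rewrites CLONE statement.*/
class Rewriter_clone final : public I_rewriter {
 public:
  Rewriter_clone(THD *thd, Consumer_type type);
  /* Rewrite the query for the CLONE statement to hide password */
  bool rewrite(String &rlb) const override;
};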
346
347/** Rewrites the START GROUP_REPLICATION command.*/
349 public:
351 bool rewrite(String &rlb) const override;
352};
353
354#endif /* SQL_REWRITE_INCLUDED */
Wrapper object for parameters required for GRANT statement.
Definition: sql_rewrite.h:86
Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
Definition: sql_rewrite.h:88
bool grant_as_provided
Definition: sql_rewrite.h:92
LEX_GRANT_AS * grant_as_info
Definition: sql_rewrite.h:93
An abstract base class to enable the implementation of various query rewriters.
Definition: sql_rewrite.h:122
Consumer_type consumer_type()
Return the current consumer type set in the object.
Definition: sql_rewrite.cc:423
virtual ~I_rewriter()
const I_rewriter & operator=(const I_rewriter &&)=delete
I_rewriter(const I_rewriter &)=delete
virtual bool rewrite(String &rlb) const =0
Consumer_type m_consumer_type
Definition: sql_rewrite.h:141
I_rewriter(const I_rewriter &&)=delete
void set_consumer_type(Consumer_type type)
Reset the previous consumer type.
Definition: sql_rewrite.cc:415
const I_rewriter & operator=(const I_rewriter &)=delete
THD *const m_thd
Definition: sql_rewrite.h:140
I_rewriter(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:404
Definition: sql_lex.h:3707
An interface to wrap the parameters required by specific Rewriter.
Definition: sql_rewrite.h:51
virtual ~Rewrite_params()=default
Rewrites the ALTER SERVER statement.
Definition: sql_rewrite.h:325
Rewriter_alter_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1711
bool rewrite(String &rlb) const override
Rewrite the query for the ALTER SERVER statement.
Definition: sql_rewrite.cc:1722
Rewrites the ALTER USER statement.
Definition: sql_rewrite.h:223
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:1015
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:938
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Default implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:492
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:1027
Rewriter_alter_user(THD *thd, Consumer_type type=Consumer_type::TEXTLOG)
Definition: sql_rewrite.cc:908
bool rewrite(String &rlb) const override
Rewrite the query for the ALTER USER statement.
Definition: sql_rewrite.cc:918
Rewrites the CHANGE REPLICATION SOURCE statement.
Definition: sql_rewrite.h:295
bool rewrite(String &rlb) const override
Rewrite the query for the CHANGE REPLICATION SOURCE statement.
Definition: sql_rewrite.cc:1469
Rewriter_change_replication_source(THD *thd, Consumer_type)
Definition: sql_rewrite.cc:1457
Rewrites CLONE statement.
Definition: sql_rewrite.h:341
bool rewrite(String &rlb) const override
Rewrite the query for the CLONE statement to hide password.
Definition: sql_rewrite.cc:1769
Rewriter_clone(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1758
Rewrites the CREATE SERVER statement.
Definition: sql_rewrite.h:317
Rewriter_create_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1664
bool rewrite(String &rlb) const override
Rewrite the query for the CREATE SERVER statement.
Definition: sql_rewrite.cc:1693
Rewrites the CREATE USER statement.
Definition: sql_rewrite.h:207
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:831
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:890
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:902
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Default implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:481
Rewriter_create_user(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:800
bool rewrite(String &rlb) const override
Rewrite the query for the CREATE USER statement.
Definition: sql_rewrite.cc:810
Rewrites the GRANT statement.
Definition: sql_rewrite.h:284
bool rewrite(String &rlb) const override
Rewrite the query for the GRANT statement.
Definition: sql_rewrite.cc:1287
Rewriter_grant(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1274
const Grant_params * grant_params
Definition: sql_rewrite.h:291
Rewrites the PREPARE statement.
Definition: sql_rewrite.h:334
Rewriter_prepare(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1736
bool rewrite(String &rlb) const override
Rewrite the query for the PREPARE statement.
Definition: sql_rewrite.cc:1747
Rewrites the START REPLICA statement.
Definition: sql_rewrite.h:302
bool rewrite(String &rlb) const override
Rewrite the query for the START REPLICA statement.
Definition: sql_rewrite.cc:1602
Rewriter_replica_start(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1592
Base class for SERVER OPTIONS related statement.
Definition: sql_rewrite.h:308
void mysql_rewrite_server_options(const LEX *lex, String *str) const
Append the SERVER OPTIONS clause.
Definition: sql_rewrite.cc:1672
Rewriter_server_option(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1662
Definition: sql_rewrite.h:270
bool rewrite(String &rlb) const override
Rewrite the query for the SET PASSWORD statement.
Definition: sql_rewrite.cc:1225
std::set< LEX_USER * > * m_users
Definition: sql_rewrite.h:280
Rewriter_set_password(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1210
Rewrites the SET statement.
Definition: sql_rewrite.h:262
Rewriter_set(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1180
bool rewrite(String &rlb) const override
Rewrite the query for the SET statement.
Definition: sql_rewrite.cc:1191
Rewrites the SHOW CREATE USER statement.
Definition: sql_rewrite.h:239
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users.
Definition: sql_rewrite.cc:1115
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users.
Definition: sql_rewrite.cc:1125
Rewriter_show_create_user(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1033
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin name and auth str of the user to the output string.
Definition: sql_rewrite.cc:1136
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Overrides implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:1064
void append_auth_str(LEX_USER *lex, String *str) const override
A special rewriter override to make SHOW CREATE USER convert the string to hex if print_identified_wi...
Definition: sql_rewrite.cc:1083
bool rewrite(String &rlb) const override
Rewrite the query for the SHOW CREATE USER statement.
Definition: sql_rewrite.cc:1051
const Show_user_params * show_params_
Definition: sql_rewrite.h:258
Rewrites the START GROUP_REPLICATION command.
Definition: sql_rewrite.h:348
Rewriter_start_group_replication(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1774
bool rewrite(String &rlb) const override
Rewrite the query for the START GROUP_REPLICATION command.
Definition: sql_rewrite.cc:1785
Abstract base class to define the skeleton of rewriting the users, yet deferring some steps to the co...
Definition: sql_rewrite.h:148
void append_mfa_auth_str(const LEX_MFA *user, String *str) const
Append the authentication string from LEX_MFA for the user.
Definition: sql_rewrite.cc:716
void rewrite_user_resources(const LEX *lex, String *str) const
Append the user resource clauses for users.
Definition: sql_rewrite.cc:566
void append_literal_secret(String *str) const
Append the literal <secret> in place of password to the output string.
Definition: sql_rewrite.cc:502
void rewrite_password_require_current(LEX *lex, String *str) const
Append the PASSWORD REQUIRE CURRENT clause for users.
Definition: sql_rewrite.cc:629
Rewriter_user(THD *thd, Consumer_type target_type)
Definition: sql_rewrite.cc:425
void rewrite_password_expired(const LEX *lex, String *str) const
Append the PASSWORD EXPIRE clause for users iff it is specified.
Definition: sql_rewrite.cc:608
virtual void rewrite_user_application_user_metadata(const LEX *lex, String *str) const =0
void rewrite_users(LEX *lex, String *str) const
Fetch the users from user_list in LEX struct and append them to the String.
Definition: sql_rewrite.cc:767
void rewrite_in_memory_user_application_user_metadata(const LEX *user, String *str) const
Use the LEX for reconstructing the ATTRIBUTE or COMMENT clause.
Definition: sql_rewrite.cc:457
void rewrite_account_lock_state(LEX *lex, String *str) const
Append the account lock state.
Definition: sql_rewrite.cc:658
virtual void rewrite_password_history(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD HISTORY clause iff it is specified.
Definition: sql_rewrite.cc:735
virtual void append_user_auth_info(LEX_USER *user, bool comma, String *str) const =0
void rewrite_ssl_properties(const LEX *lex, String *str) const
Append the SSL clause for users iff it is specified.
Definition: sql_rewrite.cc:524
void append_mfa_plugin_name(const LEX_MFA *user, String *str) const
Append the authentication plugin name from LEX_MFA for the user.
Definition: sql_rewrite.cc:700
virtual void append_auth_str(LEX_USER *lex, String *str) const
Append the password hash to the output string.
Definition: sql_rewrite.cc:512
bool rewrite(String &rlb) const override
Appends the essential clauses for SHOW CREATE|CREATE|ALTER USER statements in the buffer rlb.
Definition: sql_rewrite.cc:436
void rewrite_account_lock(const LEX *lex, String *str) const
Append the ACCOUNT LOCK clause for users iff it is specified.
Definition: sql_rewrite.cc:593
void append_plugin_name(const LEX_USER *user, String *str) const
Append the authentication plugin name for the user.
Definition: sql_rewrite.cc:678
virtual void rewrite_password_reuse(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD REUSE clause iff it is specified.
Definition: sql_rewrite.cc:751
void rewrite_default_roles(const LEX *lex, String *str) const
Append the DEFAULT ROLE clause for users iff it is specified.
Definition: sql_rewrite.cc:785
Wrapper object for parameters required by SHOW CREATE USER statement.
Definition: sql_rewrite.h:70
String * metadata_str
Definition: sql_rewrite.h:80
bool hide_password_hash
Definition: sql_rewrite.h:78
Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex, String *param_metadata_str)
Definition: sql_rewrite.h:72
bool print_identified_with_as_hex_
Definition: sql_rewrite.h:79
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:35
Wrapper object for user related parameters required by: SET PASSWORD|CREATE USER|ALTER USER statement...
Definition: sql_rewrite.h:60
User_params(std::set< LEX_USER * > *users_set)
Definition: sql_rewrite.h:62
std::set< LEX_USER * > * users
Definition: sql_rewrite.h:64
char * user
Definition: mysqladmin.cc:64
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1065
required string type
Definition: replication_group_member_actions.proto:33
void mysql_rewrite_acl_query(THD *thd, String &rlb, Consumer_type type, const Rewrite_params *params=nullptr, bool do_ps_instrument=true)
Provides the default interface to rewrite the ACL query.
Definition: sql_rewrite.cc:388
void mysql_rewrite_query(THD *thd, Consumer_type type=Consumer_type::TEXTLOG, const Rewrite_params *params=nullptr)
Provides the default interface to rewrite the SQL statements to obfuscate passwords.
Definition: sql_rewrite.cc:351
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
Definition: table.h:2611
Definition: table.h:2720
The LEX object currently serves three different purposes:
Definition: sql_lex.h:3787